Firmware upgrade

Upload new firmware to flash before starting.

! Remove old boot image
no boot system disk0:/asa963-1-smp-k8.bin
! Add new image as primary boot with old as backup
boot system disk0:/asa964-3-smp-k8.bin
boot system disk0:/asa963-1-smp-k8.bin
! Save changes to config
write memory
! This will cause the standby firewall to reload
failover reload-standby
! After getting messages that standby has rebooted, verify that failover is ready
show failover
! This forces active firewall to become standby, and standby to active
no failover active

Cheat Sheet

Another thing you can do with the ASDM client is to enable command previews.
This allows you to configure things in the ASDM but before it sends them to the firewall it will show you the CLI that is being used.
This is enabled through the ASDM > Tools > Preferences > Preview commands before sending them to the device

Show access-list

will show you the rules with all groups expanded and resolve names to IPs.
It also shows you the hit count of the rule so you can see if it’s not being used.
Lastly it shows you the access list sequence number if you need to put a rule in the middle of the ruleset: